package com.cinnamon.rss.controller;

import java.util.ArrayList;
import java.util.Iterator;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;

import com.cinnamon.rss.model.Feed;
import com.cinnamon.rss.model.User;
import com.cinnamon.rss.repository.FeedRepository;
import com.cinnamon.rss.repository.UserRepository;

//	Class for handling authentication & registration operations
@Controller
public class AuthController {

	@Autowired
	private FeedRepository feedRepository;

	@Autowired
	private UserRepository userRepository;

	@Autowired
	// the bean is configured in application-security.xml
	private Md5PasswordEncoder passwordEncoder;

	public AuthController() {
	}

	// registration handling
	@RequestMapping(value = "/register", method = RequestMethod.POST)
	public String registerUser(@RequestParam("username") String username,
			@RequestParam("password") String password, ModelMap modmap) {

		// quasi-boolean variable, shows if the user is registered successfully
		String isRegistered = "false";

		User user = userRepository.findOne(username);

		// if no such user yet, create new one and save to DB
		if (user == null) {
			String hashedPassword = passwordEncoder.encodePassword(password,
					username);
			// create & save new user with hashed password
			user = new User(username, hashedPassword, User.ROLE_USER);
			userRepository.save(user);
			isRegistered = "true";
		}

		modmap.addAttribute("username", username);
		modmap.addAttribute("password", password);
		modmap.addAttribute("isRegistered", isRegistered);

		return "reg_result_view";
	}

	// handling of admin-page operations
	@RequestMapping(value = "/admin", method = RequestMethod.GET)
	public String showAdminPage(@RequestParam("username") String username,
			@RequestParam("action") String action, ModelMap modmap) {

		User user = null;

		// change "enabled" property
		if (action.equals("exable")) {
			user = userRepository.findOne(username);
			if (user.isEnabled()) {
				user.setEnabled(false);
			} else {
				user.setEnabled(true);
			}
			userRepository.save(user);
		}

		// change role
		if (action.equals("exrole")) {
			user = userRepository.findOne(username);
			if ((user.getRole()).equals(User.ROLE_ADMIN)) {
				user.setRole(User.ROLE_USER);
			} else {
				user.setRole(User.ROLE_ADMIN);
			}
			userRepository.save(user);
		}

		// delete user
		if (action.equals("delete")) {
			user = userRepository.findByUsername(username);
			if (user != null) {
				Iterator<?> it = feedRepository.findByUser(user).iterator();
				while (it.hasNext()) {
					Feed f = (Feed) it.next();
					feedRepository.delete(f);
				}
				userRepository.delete(user);
			}
		}

		ArrayList<User> usersList = (ArrayList<User>) userRepository.findAll();
		modmap.addAttribute("usersList", usersList);

		String principalName = SecurityContextHolder.getContext()
				.getAuthentication().getName();
		modmap.addAttribute("principalName", principalName);

		return "admin_page_view";
	}

}
